Choose State Change Location
HOME » About Us » Our Perspective » View by Date » Archives » 2002 » Security Imperatives Post-Sept. 11: An Electric Industry Perspective

Security Imperatives Post-Sept. 11: An Electric Industry Perspective

Speech to Piedmont Carolinas Electric Utilities
Bill Coley
President
Duke Power

The events of Sept. 11 and their aftermath have shaken us all and forever changed the way we view the world around us. No words can lessen the pain of those who have suffered such loss. These events provide us perspective—and resolve. It’s certain that the fabric of our lives and businesses will be forever changed as we continue to take a fresh look at our work, our society, our personal lives, and the way we do business.

At Duke Power, we have operated at a heightened level of security since Sept. 11, and we continue to refine our preparedness and security plans through internal re-evaluations and cooperation with trade and industry organizations.

We are working closely with other utilities and local, state and federal authorities to ensure we continue to deliver our products and services to our customers while safeguarding our facilities, employees and, most importantly, the public.

Across Duke Energy, we have comprehensive security plans and a well-trained security workforce in place. We have put heightened security measures in place at all our locations and facilities. To date, we have not received any credible threats to our facilities, and we continue to operate safely and efficiently.

Regarding our nuclear facilities, our nuclear security program is thorough and in place 24 hours a day, every day, as are all of our security programs. Our nuclear security programs are evaluated for effectiveness on a regular basis by both the company and the U.S. Nuclear Regulatory Commission. Regular drills and exercises with local, state and federal agencies are an essential aspect of these programs.

We continue to operate our electric generating, transmission and distribution systems effectively and safely, maintaining reliable service.

Where Do We Go From Here?

The terrorist attacks of Sept. 11 served as a wake-up call to the United States by exposing vulnerabilities in our homeland security measures. All industries—including airlines, communications, banking, and the electric utility industry—are re-examining and, in some cases, updating their security measures to prevent and thwart threats. Public and private entities are cooperating as never before.

One such effort that I am associated with is an Edison Electric Institute (EEI) study to review and improve the security of the national electric infrastructure. This particular study was mandated by Congress and has the potential to bring about real change in our industry. The work of this group is ongoing and I want to take a few minutes to update you on the work of the committee thus far.

Strong Communication and Coordination Are Important

One of the key findings of this EEI study is the need for effective communication and coordination among companies, governments and the public. While this is a simple concept, the complexities involved in carrying it out make it anything but simple.

Let’s consider the kinds and numbers of agencies involved, for example. At the federal level, we’re involved with the Office of Homeland Security, the FBI, the Dept. of Defense, FEMA, FERC, and the NRC, among others.

On the state level, we interface with the Governors’ offices in North Carolina and South Carolina and state law enforcement agencies.

And then there’s local government, including the mayor’s office, city and county government, local emergency services along with local law enforcement.

In addition to the governmental agencies, there are trade and industrial organizations related to the utility industry, including NERC, SERC, EEI, NEI, and others.

And finally there are the electric utilities themselves—including investor owned, electric cooperatives and municipal systems.

Considering everyone involved, establishing communication and coordination protocols for such a broad group of agencies and companies will be quite a challenge.

It is critical for these entities to talk—to communicate effectively—if we are to prevent acts of terrorism in the future.

Public Disclosure of Infrastructure Information

As an industry, we must guard against inadvertently providing information that could be used to plan and carry out attacks on the electric infrastructure of America.

As the Internet has developed, companies have taken advantage of its capability to distribute corporate information. There are certainly advantages to this approach, and most would view this as a sound business practice. And as this practice has grown, so has the comfort level regarding the types and amount of information that is published and open for everyone to review. In some cases, however, this dramatically increased capacity to share information with the public could provide a source of information vital to the development and implementation of sinister plans. Of course this is inadvertent, and many companies, including Duke Energy, have taken steps to review and delete from their websites information that could be used in terror attacks.

One thing is clear about terrorists, they will find and take advantage of any opportunity they are provided. We all must take steps to avoid providing potential terrorists with any opportunities.

Evaluate Systems for Risk Exposure

The surest way to identify and correct any areas where we have exposure is to conduct a comprehensive risk assessment of our systems. These assessments must be thorough and comprehensive, covering all aspects of our operations. And, if we find an area where additional action must be taken, we must take that action immediately. Certainly, this includes a review of generation, transmission and distribution infrastructure. It must also include support infrastructure that is vital to our continued operation. Such areas include fuel supply and fuel storage, including the impoundments of hydroelectric plants. The long-term delivery and storage of the fuel necessary to generate electricity are critical to our ability to meet the electrical demands of our customers.

The same concept applies to critical equipment and parts, their storage and their delivery routes. Consider for a moment how our industry would be impacted if all trucking traffic was halted, even for a few days, as airline travel was during and in the wake of September 11. And what about those who manufacture and supply these critical elements—how susceptible are their operations to attack? Are there alternatives?

We’ve already touched on computer systems, but in accessing our critical supporting infrastructures, we must consider potential physical attacks on facilities that house computer system hardware as well as cyber-attacks through Internet connections and viruses.

Additionally, our operating and control facilities must also be safeguarded.

Of course, identifying areas of concern is only the first step. Then we must develop and carry out plans. We must continue to be alert to other issues that arise. Continuing assessments must also be carried out on a periodic basis to prevent complacency from creeping into our operations.

Review and Enhance Existing Security Measures

The areas most susceptible to complacency are the existing, highly familiar security measures—because they’re so familiar. So we need to look at them as if they’re totally new and, where appropriate, enhance them.

Terrorists have proven themselves to be a crafty lot who are capable of identifying any weakness and exploiting it with painfully simple methods. Unfortunately, the obvious and the simple are frequently the most difficult to detect or guard against. I expect that we’ve all heard of individuals who impersonate utility employees to gain access to a home or facility. How many times do people question those who “look official” and claim to represent a familiar organization?

If this phenomenon is already occurring with petty criminals, we can be confident that terrorists have already considered impersonation as a possible method for some plot.

Planning, Practice and Training

All of these elements only highlight the need to develop thorough plans of the best ways to prevent, deal with and recover from potential attacks. No system is totally resistant to attack, and anticipating possible events allows us to minimize damage, prevent “down stream” damage and speed up recovery. I can’t think of a better application for the old saying “practice makes perfect” than in reference to practicing well-developed emergency plans and fine-tuning them afterward.

Of course practice means training. To successfully prevent, defend and recover, we must provide the training necessary to enable our personnel to prevent and respond to crisis situations in a manner that protects the lives of our employees, the safety of the public, and effectively resolves the crisis situation.

Multiple Communication Networks

Responding to a crisis requires effective and reliable communication systems. To ensure that reliable equipment is available, we must anticipate different possibilities and develop redundancy where it is essential. By doing so, we can continue to share needed information and coordinate actions should one or more of the communication systems we use daily fail for some reason.

Hurricanes, tornadoes, terrorist attacks, whatever the threat—these can likely have serious impacts on traditional communication systems. We know that cellular and land-line phone use skyrockets during and after a crisis situation. Depending on the nature of the crisis, communications networks may be directly damaged, prolonging disruptions. It is in our best interest to plan ahead and develop alternatives that we can depend on to communicate internally and externally.

Availability of Funds and Assistance

Communication with external agencies will be critical to the quick restoration of systems impacted by an attack. Consider for a moment the amount of external assistance and funding needed in New York and Washington—and questions related to insurance in the future. All the planning and preventative steps we’ve discussed will doubtless drive up costs.

How America as a nation and we as businesses and members of the public choose to address the topic of funding is a critical issue that must be resolved before a comprehensive, nationwide effort can be successful. America must act proactively and responsibly to prevent future terrorist attacks. Our preparations must be thorough and well-organized but not create a cumbersome bureaucracy. And our preparations must balance the freedoms we value so highly with our need for security.

We must ensure that we do not sacrifice the freedoms we enjoy today—freedoms our ancestors fought and died to achieve. To sacrifice those freedoms would mean the terrorists would win.

Security measures needed in today’s environment is an important issue we must address across this nation, including here in the Carolinas. Duke Energy is committed to doing its part to responsibly protect our company, our employees, the public and our way of life.

Thank you for the opportunity to share my thoughts on this subject.